APT37 Leverages Internet Explorer Zero-Day to Target South Korean Users

Context APT37 is a known, sophisticated North Korean state-backed actor that has historically leveraged Internet Explorer zero-days to target North Korean defectors, government officials, journalists, and activists in South Korea. Technical Details CVE-2022-41128 was patched by Microsoft on November 8, 2022. According to Microsoft, “this vulnerability requires that a user with an affected version of…

Read More

Sophisticated Campaign Targeting Cryptocurrency Firms

On December 6, 2022, Microsoft researchers reported technical details of a campaign targeting cryptocurrency organizations globally using what they describe as complex tactics. Community Impact Many retail, travel, and hospitality organizations maintain financial relationships with cryptocurrency firms for business reasons or accept cryptocurrency as payment and maintain relationships with organizing firms for financial reasons. As…

Read More

Double Trouble: Why Account Takeover and Fake Accounts are Still Succeeding

Account takeover (ATO) and fake account generation attacks have become wildly successful in recent years, so much so that the FBI’s Cyber Division issued a recent warning to businesses about the growing threat of automated attacks. To better understand the current landscape as it pertains to retailers, Kasada analyzed the National Retail Federation’s (NRF) Top…

Read More

Directors Elected to Retail & Hospitality ISAC Board

Vienna, VA (November 16, 2022) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) announced the results of the 2022 Board of Directors elections today. Rich Agostino, SVP and CISO at Target, and Dave Estlick, VP and CISO at Chipotle, were both re-elected for three-year terms on the board. Brett Cumming, senior director of information security at…

Read More

World Cup 2022 RH-ISAC Cyber Threat Landscape Summary

Context On November 20, 2020, the FIFA World Cup 2022 is scheduled to begin in Qatar. Multiple retail, hospitality, and travel organizations are involved in this event to varying degrees and on various fronts and may be affected, including: Organizations, especially hospitality organizations, with a presence in Qatar Organizations that handle sports betting Organizations that…

Read More

When Good Bots Go Bad This Holiday Season

As we approach this 2022 holiday season, retailers will be faced with myriad pressures, some a continuation of market conditions from years past, others a bit more unexpected. Supply chain challenges remain, but instead of empty shelves, there’s a twist — driven by changing consumer preferences and buying behaviors. Red-hot categories like apparel and home…

Read More

New Threat Group “Earth Longzhi” Targeting Global Government, Infrastructure, Aviation, Health, and Finance Orgs

On November 9, 2022, Trend Micro researchers reported two campaigns they attribute to a new threat group Earth Longzhi, which they assess is a subgroup of APT41. Context Trend Micro researchers based the assessed connection between the groups on shared targets, shared Cobalt Strike metadata, code similarities, and shared tactics, techniques, and procedures (TTPs). Impact…

Read More

New Report Examines Holiday Season Cyber Threat Trends in Retail and Hospitality

Vienna, VA (November 7, 2022) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) today released its Holiday Season Cyber Threat Trends report, which examines the threat landscape facing the retail and hospitality sector during the holiday season, typically the busiest time of year for these industries. According to the report, QakBot, Emotet, Agent…

Read More

Sentinel Labs Report Links Black Basta Ransomware Group TTPs to FIN7

On November 3, 2022, Sentinel Labs researchers published a report linking the Black Basta Ransomware group to FIN7 (also known as Carbanak) based on shared tactics, techniques, and procedures (TTPs) between Black Basta tools and FIN7 tools. Key Takeaways Key findings for the report include: SentinelLabs researchers describe Black Basta operational TTPs in full detail,…

Read More

OpenSSL Patches Two High Severity Vulnerabilities with Significant Barriers to Exploitation

On November 1, 2022, OpenSSL developers released details of two vulnerabilities: CVE-2022-3786 and CVE-2022-3602. Context In an accompanying blog post, OpenSSL explained that they downgraded the severity of the vulnerabilities to high from the originally announced critical level due to technical barriers to exploitation. No in the wild exploits or proofs of concept (POCs) are…

Read More